Exposed database leaked 2FA SMS messages for large tech firms

TechCrunch reports that security researcher Anurag Sen has discovered an exposed database belonging to Asian technology and internet firm YX International that was leaking the contents of SMS messages sent to users, including one-time passcodes and links for password resetting for major technology and online firms including Google, Facebook, WhatsApp, and TikTok. YX reportedly left the internal database unprotected without a password, which allowed anyone with knowledge of the database’s public IP address to access the sensitive information using only a web browser.

Source: SC Magazine